From: Lennart Poettering
Date: Mon, 9 Jul 2012 15:30:22 +0000 (+0200)
Subject: paranoia: refuse rm_rf("/")
X-Git-Tag: v187~154
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=461b1822321d6be0d7fd8be29bf3b4993ebd1b85

paranoia: refuse rm_rf("/")
---
diff --git a/TODO b/TODO
index 5efd11b2e..dde1b90d4 100644
--- a/TODO
+++ b/TODO
@@ -22,6 +22,10 @@ Bugfixes:
 Features:
+* refuse taking lower-case variable names in sd_journal_send() and friends.
+
+* when running as user instance: implicitly default to WorkingDirectory=$HOME for all services.
+
 * journalctl highlight reboots
 * Merge KillUnit()'s mode and who params into one
diff --git a/src/journal/journald.c b/src/journal/journald.c
index 8d1b10d27..0629f79f1 100644
--- a/src/journal/journald.c
+++ b/src/journal/journald.c
@@ -2058,7 +2058,6 @@ static int system_journal_open(Server *s) {
 }
 static int server_flush_to_var(Server *s) {
- char path[] = "/run/log/journal/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
 Object *o = NULL;
 int r;
 sd_id128_t machine;
@@ -2135,6 +2134,7 @@ finish:
 s->runtime_journal = NULL;
 if (r >= 0) {
+ char path[] = "/run/log/journal/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
 sd_id128_to_string(machine, path + 17);
 rm_rf(path, false, true, false);
 }
diff --git a/src/shared/util.c b/src/shared/util.c
index 041a63bb4..41505b2ca 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -3339,6 +3339,9 @@ int rm_rf(const char *path, bool only_dirs, bool delete_root, bool honour_sticky
 assert(path);
+ /* Be paranoid */
+ assert(!streq(path, "/"));
+
 fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
 if (fd < 0) {
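Review bot: In the second journald.c hunk, the offset in `sd_id128_to_string(machine, path + 17)` is a bare number that must stay equal to the length of the `/run/log/journal/` prefix in the literal now declared just above it, and nothing ties the two together. Since this path is handed straight to a recursive delete, I would make the relationship explicit, either with `sd_id128_to_string(machine, path + strlen("/run/log/journal/"));` or with a comment such as `/* 17 == strlen("/run/log/journal/"); the 32 x's are replaced by the machine ID */`. The return value of rm_rf() is also dropped here; if removing the runtime journal directory is meant to be best-effort, a one-line comment saying so would help. server_flush_to_var() starts and ends outside the hunk, so whether `machine` is always set when `r >= 0` cannot be checked from these lines.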
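Review bot: The new guard `assert(!streq(path, "/"))` in rm_rf() is not a dependable runtime check. If this project's assert() compiles to nothing under NDEBUG (the macro is not visible here), the protection disappears in such builds, and where it is active it aborts the calling process instead of letting the caller handle an error. It also matches only the exact string "/", so other spellings that name the same directory (a doubled slash or a trailing dot component, for example) still reach open(). I would return an error instead, e.g. `if (path_equal(path, "/")) return -EPERM;` assuming the tree's path_equal() helper is usable from util.c, or compare st_dev/st_ino of the opened fd with those of "/" right after the open() call. rm_rf() starts above and continues below the hunk.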